package com.marketlive.app.b2c.struts.security;

/*
(C) Copyright MarketLive. 2006. All rights reserved.
MarketLive is a trademark of MarketLive, Inc.
Warning: This computer program is protected by copyright law and international treaties.
Unauthorized reproduction or distribution of this program, or any portion of it, may result
in severe civil and criminal penalties, and will be prosecuted to the maximum extent
possible under the law.
*/

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.*;
import org.apache.struts.actions.DispatchAction;

import javax.servlet.http.*;

import com.marketlive.app.b2c.WebUtil;

/**
 * Created by IntelliJ IDEA.
 * User: PeterS
 * Date: Jan 19, 2006
 * Time: 10:56:39 AM
 * Adds SSL functionality to MML Dispatch type Actions -- which extend this one. The action must be configured via the
 * action-servlet.xml file with a secureAction parameter in order to enable SSL.
 */
public abstract class SSLSupportDispatchAction extends DispatchAction {
    private static Log log = LogFactory.getLog(SSLSupportDispatchAction.class);

    private boolean secureAction = false;


    public ActionForward execute(ActionMapping mapping,
                                 ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response) throws Exception {

        log.debug( "SSLSupportDispatchAction: " + request.getRequestURI());

        try {
            // If the input request is correct, we will use it, else we redirect to the corrected version.
            if (checkSSL(request, response)) {
               log.debug("SSL connection not required for the requested action");
               return null;
            }

            ActionForward actionForward = super.execute(mapping, form, request, response);
            return actionForward;

        } catch (Exception e) {
            log.error("Exception occurred during the execution of the SSLSupportAction: ", e);
            return WebUtil.findForward(request, mapping, "ERROR");
        }
    }

    /**
     * Checks the SSL/Port settings for the input request. If the input request is correct with its
     * configuration, that request is used. If the input request is not correct, it is corrected and
     * forwarded to the request with the correct settings for SSL/Port.
     * Note: by SSL, I mean either Http/Https.
     * @param request
     * @param response
     * @return
     */
    private boolean checkSSL(HttpServletRequest request,
                             HttpServletResponse response) {
        
        // check to see if we need to force SSL for displaying B2C in a secure Admin
        boolean overrideSecure = (request.getSession().getAttribute("B2CSSLOverride") != null)? true:secureAction;     
        
        // set the redirect string
        String redirectString = SSLUtility.getRedirectString(request, getServlet().getServletContext(), overrideSecure);
        
        if (redirectString != null) {
            try {
                // Redirect the page to the desired URL
                log.debug("SSL connection required for the requested action, will redirect.");
                response.sendRedirect(response.encodeRedirectURL(redirectString));
                return true;
            } catch (Exception ioe) {
                log.error("Exception occurred attempting to CheckSSL for an action: ", ioe);
            }
        }

        return false;
    }

    /**
     * Setter for the secureAction parameter which determines if calls to this action will be done via http or https.
     * @param secureAction
     */
    public void setSecureAction(boolean secureAction) {
        this.secureAction = secureAction;
    }

}


